[…] This is the new frontier of defence. For years, we have been building a defensive capability to protect ourselves against these cyber attacks. That is no longer enough.You deter people by having an offensive capability. We will build in Britain a cyber strike capability so we can strike back in cyber space against enemies who attack us, putting cyber alongside land, sea, air and space as a mainstream military activity. Our commanders can use cyber weapons alongside conventional weapons in future conflicts.

[…] Thomas Rid, reader in the department of war studies at King’s College London questioned Hammond’s claims. How exactly do you deter? In cyber space, you have to penetrate a target before you can attack it, so to deter you have to attack first. Referring to Hammond’s claims that you deter people by having an offensive capability, Rid told the Guardian: “This is not the case in cyber security”. He added: “Building a cyber weapon means attacking first. Building an offensive capability requires knowing the target first, in detail, including unique configurations of industrial control systems — known as SCADA. Knowing the target requires penetrating the target first, through aggressive probing for intelligence. The effect is escalation, not deterrence.“ Rid added: “Code doesn’t explode on its own — an attacker has to weaponise the target: crash a plane, stop a power plant, cause a blackout. This means that a bespoke piece of attack code has to be designed for every single automated target. That is difficult.” Rid is author of Cyber War Will Not Take Place, in which he argues that the focus on war and winning distracts from the real challenge of cyberspace — namely, that non-violent confrontation could rival or even replace violence in surprising ways. […]